DETAILED ACTION

1. Claims 1-26 are pending.

2. Claims 1-6 are allowable. 

Response to Arguments 

3. Applicant has argued 

"There is no reference whatsoever in Holloway regarding the use of two servers, much
less establishing a first secure connection..." page 11, paragraph 1.

The Applicant additionally argues on page 11, paragraph 2: 

"Thus it is clear that at most, the Holloway system simply employs the same single
server, single secure connection system described as prior art in the present application"



The Examiner contends that (Column 7, lines 47-60) recites: 

"In operation, when a user claiming to be authorized accesses WWW page 135 on web
server 136 via browser 105 on client 110, server system 130 compiles applet Ap. Applet
Ap includes the claimed users and encrypted private key Epppu(Sku) stored on key server
138..."

Clearly, the Applicant's most immediate contention is incorrect. Holloway discloses a
reference regarding the use of a web server, item 136 and key server, 138. Therefore, 
Holloway at the very least discloses the "use" of two servers. 

Applicant has further argued, (paragraph 1, page 12): 

While the server computer system 130 includes a web server computer 136 and a key 
server computer 138, as illustrated in Figure 7, elements 136 and 138 are clearly part of 
the same server system 130. 

The Examiner contends that even if servers 136 and 138 are part of the same server 
system, they are still considered by Holloway to be two servers. The fact remains that 
Holloway has maintained a distinction between the two entities. For this reason, the 
Examiner has interpreted server 136 and 138 to be a first and second server. 

Additionally, the Examiner contends that Applicant's first and second servers themselves 
may be considered a part of the same "system." Claim 7 clearly has servers 1 and 2 
interacting for a specific singular method as recited in claim 7. By Applicant's own
reasoning, the first server and second server of claim 7 may be anticipated by a singular
server, because the first and second server are a part of the same system.

Applicant has further argued, (paragraph 1, page 12): 

Even if these elements could be interpreted as being separate servers (i.e. first server and 
second server), it is clear that the key server computer 138 is coupled to the web server 
computer 136 through firewall 137. There is no respective connection from the key
server 138 to the client computer system 110. 



The Examiner contends however that those of ordinary skill in the art understand that a 
connection between two points may employ multiple nodes in between. For example, if a 
person A calls up a person B via telephone, regardless of the fact that there is an operator 
in between, or telephony apparatus, it is understood that a connection exists between 
person A and person B. 

The Examiner notes that the Internet is a world wide network consisting of billions of 
nodes using TCP/IP protocol. When a client A connects with a server B, the connection 
between the two nodes may potentially include hundreds of intermediary nodes in the connection.
The connection between the client and server is broken up into its constituent packets, 
each of which is sent across a potentially different path before being assembled at their 
destination. 

Despite this, those of ordinary skill in the art nevertheless understand that a connection 
exists between nodes A and B. 



Claim Rejections - 35 USC § 103

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

5. Claims 7-26 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Holloway, US patent 6424718.



In reference to claim 7; 

Holloway (Column 7, lines 45 - Column 9, line 65) discloses a method of providing and
authenticating secret data over a network, the network comprising a user device, a first 
server, a second server, and a host application, comprising: 

• Establishing a first secure connection between the user device and the first server
in response to an enrollment request from a user; (Column 7, lines 45-60)

• Sending encrypted enrollment information from the host application to the first
server. (Column 8, lines 15-34) & (Column 9, lines 55-65)

• Decrypting the enrollment information at the first server. (Column 8, lines 30-35) 
& (Column 4, lines 50-55) 

• Sending an enrollment applet and a unique identifier from the first server to the
user device, the unique identifier identifies the user device; (Column 7, lines 45-60)

• Establishing a second secure connection between the user device and the second
server, encrypting an access code using the enrollment applet. (Column 8, lines 
55-67) 

• Linking the encrypted access code with the unique identifier and thereafter 
sending the linked encrypted access code and the unique identifier to the second 
server. (Column 9, lines 1-10) & (Column 8, lines 33-55) 

• Encrypting the linked data at the second server and thereafter sending the 
encrypted linked data to the host application. (Column 9, lines 10-25) 

• Verifying the unique identifier at the host application and thereafter creating 
authentication data (col 7, 61-67) & (col 9, 55-67) & (col 9, 1-10) 

• Encrypting the authentication data with the access code, (col 8, lines 15-30) 

• Sending the encrypted authentication data and access code from the host 
application to the second server (Column 8, line 53-67) 

• Sending the encrypted authentication data and access code from the second server 
to the enrollment applet using the second secure connection; (Column 8, line 53- 
67) 

• Storing the encrypted authentication data and access code in the enrollment 
applet. (Column 7, lines 45-60) & (col 8, lines 15-30, 60-67) 

Minor differences in Holloway with the invention exist. Holloway doesn't explicitly
state the encrypted authentication data and access code in the applet are stored together.
Nevertheless, this is implied because the user enters the authentication data through the
applet, which means the applet must at least store the data as variables to be later
transmitted to the server. 

No explicit decryption process is mentioned at the first server, but Holloway mentions a 
process of validation. It is officially noted that it is commonly known in the art that 
validation of encrypted data involves a decryption process to check the contents of the 
encrypted data. 

It would have been obvious to one of ordinary skill in the art to validate the encrypted 
data using a decryption process in order to effectively check whether the data is what it is
purported to be. 

Claim 14, 18 are rejected for the same reasons as claim 7.

In reference to claim 11:

Holloway (col 7, 60-67) & (col 8, 15-30) discloses encrypting and sending an enrollment 
applet, a public key, a serial number and an account number from the host to the first 
server, and decrypting the enrollment applet, a public key, a serial number and an account 
number at the first server. 



In reference to claim 15:

Holloway discloses the method of claim 14, wherein storing the encrypted authentication
data and access code includes storing at least a portion of the authentication data and the 
access code in the enrollment applet, (column 8, lines 60-67) 

In reference to claim 19: 

Holloway discloses the system of claim 18, wherein the first and second secure
connections are SSL connections. (Column 7, lines 62-67) & (Column 7, lines 40-46)

In reference to claim 20: 

Holloway discloses the system of claim 18, wherein the enrollment applet establishes the 
second secure connection in response to a user entering enrollment information. 

In reference to claim 21:

Holloway (Column 7, lines 45-60) and (Column 8, lines 15-50) et seq. discloses the 
system of claim 18, further comprising a plurality of hardware service modules, one each
coupled to the first server, the second server and the host application (Column 9, lines 55- 
65), for performing cryptography, where the performing of cryptography is the 
encryption process. 

In reference to claims 22 & 23: 

Holloway fails to disclose the system of claim 18, wherein the user device comprises a 
personal digital assistant or a personal computer. 

Holloway discloses that client "110" is used by the user to access the server system. 
(column 7, lines 48-50)

The Examiner takes official notice that the use of personal digital assistants or personal
computers as clients was well known at the time of invention. For example, a user 
accessing stock information with a PDA or a user surfing the internet on a home 
computer are examples in which the PDA and personal computers act as clients. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
access the server using a PDA or computers, because such "clients" are readily available 
on the market and accessible to be sold to people to allow them access to the Internet. 

In reference to claim 24: 

Holloway discloses (Column 8, lines 15-25) the system of claim 18, wherein at least a
portion of the enrollment applet is stored on a smart card device, wherein the smartcard 
may be used to access an account from at least one remote location. 

In reference to claim 25: 

Holloway fails to explicitly disclose the system of claim 18, wherein the access code is a 
personal identification number (PIN). 

The Examiner takes official notice that usage of a PIN as an access code was well known
at the time of invention. The advantage of a PIN number, of course, is a lightweight,
easy-to-remember passcode which may be used to authenticate a user. PIN numbers are widely
used as passcodes in computers and ATMs.

It would have been obvious to one of ordinary skill in the art to use a PIN in order to 
authenticate the user with a simple mechanism that doesn't overburden the memory of 
the user. 

In reference to claim 26: 

Holloway discloses the system of claim 18, wherein the access code is a password, where 
the password is a pass-phrase. (Column 47-60) 

Claim 8 is rejected for the same reasons as claim 25. 
Claim 9 is rejected for the same reasons as claim 26. 
Claim 10 is rejected for the same reasons as claim 15. 

Claim 16, 12 are rejected for the same reasons as claim 22. 

Claim 17, 13 are rejected for the same reasons as claims 22 and 24. 

Conclusion

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of the final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the
shortened statutory period will expire on the date the advisory action is mailed, and any
extension pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the
advisory action. In no event, however, will the statutory period for reply expire later than
SIX MONTHS from the mailing date of this final action.

7. Any inquiry concerning this communication from the examiner should be directed
to Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally 
be reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Gregory A. Morse can be reached on (571)272-3838.

The Examiner may also be reached through email through Thomas.Ho6@uspto.gov

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 fax: 571-273-8300
Customer Service Representative Telephone: 571-272-2100 fax: 571-273-8300 